https://www.pm50plus.co.uk/tags/token/Recent content in Token on Work In ProgressHugoen-usFri, 23 May 2025 00:00:00 +0000https://www.pm50plus.co.uk/post/2025-05-23-graphql-jwks-part-2/Fri, 23 May 2025 00:00:00 +0000https://www.pm50plus.co.uk/post/2025-05-23-graphql-jwks-part-2/<h1 id="an-introduction-to-using-jwts-with-graphql-for-auradb---part-two">An introduction to using JWTs with GraphQL for AuraDB - Part Two</h1> <p>In <a href="https://www.pm50plus.co.uk/2025/05/16/graphql-jwks-part-1.html">part one</a> I covered how to set up GraphQL for AuraDB to use JWTs and the identity provider, okta, that generates them.</p> <p>This blog will look at using properties of a token to control access to the API and the data within.</p> <p>But I&rsquo;m overreaching a bit as I&rsquo;m assuming knowledge ( a trap so easier to stumble into when trying to convey information ) on the topic of JSON Web Token (JWT ).</p>https://www.pm50plus.co.uk/post/2025-05-16-graphql-jwks-part-1/Fri, 16 May 2025 00:00:00 +0000https://www.pm50plus.co.uk/post/2025-05-16-graphql-jwks-part-1/<h1 id="an-introduction-to-using-jwts-with-graphql-for-auradb---part-one">An introduction to using JWTs with GraphQL for AuraDB - Part One</h1> <p>There are two options ( we&rsquo;re looking at another token based approach for the future ) to control access to a GraphQL for AuraDB endpoint</p> <ul> <li>API Key</li> <li>JWT</li> </ul> <p>Using APIs keys are asimple, straight forward approach to control access to a GraphQL API and work really well for development environments. For production environments we recommend the use of a 3rd party indentity provider that manages tokens in the form of JWTs as these provide more flexibility when securing access to your GraphQL. Additionally, JWTs enable the use of rules within your type definitions for authentication and authorisation.</p>https://www.pm50plus.co.uk/post/2024-10-24-app-token-query-api/Thu, 24 Oct 2024 00:00:00 +0000https://www.pm50plus.co.uk/post/2024-10-24-app-token-query-api/<h1 id="applications-tokens-and-neo4j-query-api">Applications, Tokens and Neo4j Query API</h1> <h1 id="using-tokens-with-applications-and-neo4j-query-api-for-auth">Using tokens with Applications and Neo4j Query API for auth</h1> <p>In a previous blog post I discussed a web application obtaining and using a token with Neo4j Query API as a result of a user successfully authenticating. This entry looks at what would be involved for an application to obtain a token and use it with Neo4j Query API.</p> <p><strong>Plot spoiler</strong> - it&rsquo;s very similar.</p>https://www.pm50plus.co.uk/post/2024-10-17-token-query-api-the-code/Thu, 17 Oct 2024 00:00:00 +0000https://www.pm50plus.co.uk/post/2024-10-17-token-query-api-the-code/<h1 id="commentary-on-the-web-application-code-used-in-sso-post">Commentary on the web application code used in SSO post</h1> <p>As a follow on from my previous blog post, the trinity of SSO, Neo4j and a web application, this entry takes a deeper look at the code used for the web application to see how it all fits together.</p> <p>Given my JS / React knowledge is basic ( and I&rsquo;m flattering myself there ) the more experienced of you are likely to be amused at my efforts.</p>https://www.pm50plus.co.uk/post/2024-10-16-token-query-api/Wed, 16 Oct 2024 00:00:00 +0000https://www.pm50plus.co.uk/post/2024-10-16-token-query-api/<h1 id="the-trinity-of-sso-neo4j-and-a-web-application">The trinity of SSO, Neo4j and a web application</h1> <p>Consider a web application that consumes data from Neo4j. This will require the web application to authenticate and retrieve that data using credentials that are accepted by Neo4j. If our users needed to remember one set of credentials for the web application, another set for Neo4j and then enter those at the correct moment, it&rsquo;s going to be a jarring user experience.</p>